
Module 8: Routing as a Solution for Private Network Connectivity

DOCUMENT INFORMATION

Basic information

Title: Routing as a Solution for Private Network Connectivity
Authors: Don Thompson, Patrice Lewis, Renu Bhatt, Paul Howard, Susan Greenberg, Jack Creasey, Doug Steen, Thomas Lee, Bernie Kilshaw, Joe Davies, Kirsten Larson, Lynette Skinner, Kristen Heller, Kaarin Dolliver, Debbi Conger, Arlo Emerson, Kelly Renner, Sid Benevente, Keith Cotton, Greg Stemp, Lori Walker, Rick Terek, Laura King, Bo Galford, Ken Rosen, Robert Stewart
Supervisors: Don Thompson, Volt Technical, Patrice Lewis, S&T OnSite, Renu Bhatt, NIIT (USA) Inc., Paul Howard, Susan Greenberg, Jack Creasey, Doug Steen, Thomas Lee, Bernie Kilshaw, Joe Davies, Kirsten Larson, Lynette Skinner, Kristen Heller, Kaarin Dolliver, Debbi Conger, Arlo Emerson, Kelly Renner, Sid Benevente, Keith Cotton, Greg Stemp, Lori Walker, Rick Terek, Laura King, Bo Galford, Ken Rosen, Robert Stewart
School: Microsoft Corporation
Major: Information Technology
Type: lecture module
Year of publication: 2000
City: Redmond
Format
Number of pages: 50
File size: 1.91 MB


Contents

Overview
Designing a Functional Routing Solution
Discussion: Designing Routing Solutions
Securing Private Network Connections
Enhancing a Routing Design for Availability and Performance
Discussion: Enhancing Routing Solutions
Lab A: Designing a Routing Solution
Review


to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2000 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting, PowerPoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media, Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries/regions.

Project Lead: Don Thompson (Volt Technical)

Instructional Designers: Patrice Lewis (S&T OnSite), Renu Bhatt NIIT (USA) Inc

Instructional Design Consultants: Paul Howard, Susan Greenberg

Program Managers: Jack Creasey, Doug Steen (Independent Contractor)

Technical Contributors: Thomas Lee, Bernie Kilshaw, Joe Davies

Graphic Artist: Kirsten Larson (S&T OnSite)

Editing Manager: Lynette Skinner

Editor: Kristen Heller (Wasser)

Copy Editor: Kaarin Dolliver (S&T Consulting)

Online Program Manager: Debbi Conger

Online Publications Manager: Arlo Emerson (Aditi)

Online Support: Eric Brandt (S&T Consulting)

Multimedia Development: Kelly Renner (Entex)

Test Leads: Sid Benevente, Keith Cotton

Test Developer: Greg Stemp (S&T OnSite)

Production Support: Lori Walker (S&T Consulting)

Manufacturing Manager: Rick Terek (S&T OnSite)

Manufacturing Support: Laura King (S&T OnSite)

Lead Product Manager, Development Services: Bo Galford

Lead Product Manager: Ken Rosen

Group Product Manager: Robert Stewart

Other product and company names mentioned herein may be the trademarks of their respective owners.

At the end of this module, students will be able to:

■ Recognize routing as a solution for connectivity between private networks.
■ Evaluate and create a functional routing design.
■ Select appropriate strategies to secure a private network connection.
■ Select appropriate strategies to enhance the availability and performance of a routing solution.

Upon completion of the lab, students will be able to design a routing solution that supports the private network connectivity requirements of an organization.

Course Materials and Preparation

This section provides you with the materials and preparation needed to teach this module.

Required Materials

To teach this module, you need the following materials:

■ Microsoft® PowerPoint® file 1562B_08.ppt

Preparation Tasks

To prepare for this module:

■ Review the contents of this module.
■ Read any relevant information in the Microsoft Windows® 2000 Help files, Windows 2000 Resource Kit, or in documents provided on the Instructor CD.
■ Read the relevant RFCs in the Windows 2000 Help files.
■ Review the discussion material and be prepared to lead class discussions on the topics.
■ Complete the lab and be prepared to elaborate beyond the solutions found there.
■ Read the review questions and be prepared to elaborate beyond the answers provided in the text.

Presentation: 90 Minutes

Lab: 60 Minutes

Module Strategy

Use the following strategy to present this module.

■ Introducing Routing

Routing, as provided by the Routing and Remote Access feature of Windows 2000, supports secured communication over private and public networks.

In this section:

• Emphasize that the network designer needs to determine the number of locations and hosts, the routing protocols supported by the design, and the security requirements of the network. This information provides the basic decisions for designing a routing solution.
• Explain that isolating a secure and private network, restricting Internet and private network traffic, supporting multiple protocols, and integrating with existing network designs are some of the main features of Routing and Remote Access.
• Point out that, to provide Resource Reservation Protocol (RSVP) support, reduce undesired traffic, and provide router authentication and encryption of data, the router integrates with other Windows 2000 networking services.

■ Designing a Functional Routing Solution

Designing a functional routing solution includes selecting and placing the routers within a network, and including various protocols in the design.

In this section:

• Emphasize that the routers must be placed within the private network or at the edge of the private network to localize traffic and maintain security.
• Emphasize that the selection of interface address and subnet mask, interface data rate and persistence, and interface security is essential to integrating the router into the existing network.
• Point out that static routing is included in the Routing and Remote Access design so that routers can forward packets to their respective destinations.
• Point out that Routing Information Protocol (RIP)-for-Internet Protocol (IP) is included in the design so that routers can automatically update routing table information.
• Point out that Open Shortest Path First (OSPF) routing protocol must be included in the network design so that routers can automatically update routing information for unicast packets.
• Explain that Internet Group Management Protocol (IGMP) is added to the routing design so that the router can pass IGMP Membership Report packets from a single-router private network to a multicast-capable portion of the Internet.

• Explain that the DHCP Relay Agent must be included in the design so that routers can forward DHCP traffic from DHCP clients to DHCP servers.
• Ensure that students understand the scenario description and directions for the Discussion. Direct them to read through the scenario and answer the questions. Be prepared to clarify if necessary. Lead a class discussion on the students’ responses.

■ Securing Private Network Connections

The security of an IP routing design is measured by the ability of the design to prevent unauthorized access to data transmissions. Routing and Remote Access enhances IP routing security by encrypting data and mutually authenticating remote routers.

In this section:

• Emphasize that, to ensure a secure network, undesired network traffic must be restricted by using Routing and Remote Access filters, and all traffic must be filtered based on the IP address and the protocol number of the packets to be filtered.
• Explain that Internet Protocol Security (IPSec) offers a variety of authentication and data encryption algorithms. Selecting IPSec tunnel mode, and specifying the IPSec authentication protocol and encryption algorithm, are a few of the authentication methods.
• Point out that virtual private network (VPN) tunnels can also be used to encrypt data and prevent the unauthorized viewing of confidential data that is transmitted across public networks.
• Explain that RIP-for-IP or OSPF passwords, demand-dial authentication, and IPSec machine certificates are a few methods of authenticating routers to prevent the unauthorized viewing of confidential data.
• Explain that routers can be placed within the private network to create screened subnets or to integrate into existing screened subnets. Screened subnets isolate the private network from the Internet while allowing private network traffic to be routed between locations.

■ Enhancing a Routing Design for Availability and Performance

By dedicating a computer to routing, selecting persistent wide area network (WAN) connections, and providing multiple routers or multiple WAN connections, the availability and performance of routing solutions can be enhanced.

■ Make sure students understand the scenario description and directions for the Discussion. Direct them to read through the scenario and answer the questions. Be prepared to clarify if necessary. Lead a class discussion on the students’ responses.

Lab Strategy

Use the following strategy to present this lab.

Lab A: Designing a Routing Solution

In the design lab, students will design a routing solution based on the specific requirements outlined in the given scenario.

Students will review the scenario and the design requirements and read any supporting materials. They will use this information, and the knowledge gained from the module, to develop a detailed design that uses routing as a solution.

To conduct the lab:

■ Read through the lab carefully, paying close attention to the instructions and to the details of the scenario.
■ Consider dividing the class into teams of two or more students.
■ Present the lab, and make sure students understand the instructions and the purpose of the lab.
■ Remind students to consider any functionality, security, availability, and performance criteria provided in the scenario, and how they will incorporate strategies to meet these criteria in their design.
■ Allow some time to discuss the solutions after the lab is completed. A solution is provided in your materials to assist you in reviewing the lab results. Use the worksheet provided in the Instructors Handbook to record inputs for the possible solutions. Encourage students to critique each other’s solutions and to discuss any ideas for improving their designs.

Overview

■ Introducing Routing
■ Designing a Functional Routing Solution
■ Discussion: Designing Routing Solutions
■ Securing Private Network Connections
■ Enhancing a Routing Design for Availability and Performance
■ Discussion: Enhancing Routing Solutions

To share data and resources, geographically distributed private networks require connectivity between multiple locations. These locations can be connected by using dedicated, private connections, or over shared, public networks such as the Internet.

Routing, as provided by the Routing and Remote Access feature of Microsoft® Windows® 2000, supports secured communication over private and public networks.

At the end of this module, you will be able to:

■ Recognize routing as a solution for connectivity between private networks.
■ Evaluate and create a functional routing design.
■ Select appropriate strategies to secure a private network connection.
■ Select appropriate strategies to enhance the availability and performance of a routing solution.

In this module, you will evaluate and design connectivity solutions between private networks by using Routing and Remote Access.

Explain to the students that in this module, routing always refers to the routing provided by Routing and Remote Access and that router always refers to a Routing and Remote Access–based router, unless otherwise specified.

■ Introducing Routing

■ Design Decisions for a Routing Solution
■ Routing and Remote Access Features
■ Integration Benefits

Routing is provided by the Routing and Remote Access feature of Windows 2000. Routing and Remote Access supports multiple protocols and connects private networks while protecting the private network resources. Routing and Remote Access addresses the essential requirements of any solution for connectivity between private networks.

To design a routing solution based on Routing and Remote Access, you must:

■ Identify the design decisions that influence a routing solution.
■ Identify how the features provided by Routing and Remote Access support the design requirements for connectivity between private locations.
■ Identify the benefits of integrating Routing and Remote Access with other networking services.

that connects private networks while protecting the private network resources

Design Decisions for a Routing Solution

■ Number of Locations?
■ Number of Hosts at Each Location?
■ Routing Protocols Supported?
■ Secured Connectivity Between Private Networks?

[Slide illustration: Internet, Web Server, Demand-Dial connection, Screened Subnets, Central Office, Branch Offices, Routers]

Routing designs that connect private networks are based on a number of design decisions, such as the number of locations to be connected, the number of hosts at each location, the routing protocols supported, and the security requirements. Routing is an appropriate solution if the private network:

■ Is spread across multiple geographic locations.
■ Includes any number of users.
■ Supports industry standard routing protocols, such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF), or Internet Group Management Protocol (IGMP).
■ Connects networks requiring router authentication and data encryption.

Slide Objective
To describe the design decisions that influence the design of a Routing and Remote Access solution.

Lead-in
While designing a network that connects private networks, you need to consider the number of locations to be connected, the number of hosts at each location, the routing protocols supported, and the security requirements.

Discuss the bulleted points with students. Tell them that these are the questions they need to answer before designing a routing solution. Explain the relevance of these decisions with reference to the illustration.

Routing and Remote Access Features

■ Isolating and Securing the Private Network
■ Integrating with Existing Network Designs
■ Restricting Internet and Private Network Traffic
■ Supporting Multiple Protocols

When designing a routing solution, you need to identify the features of Routing and Remote Access that fulfill the design requirements. Typically, these features enhance the security, availability, or performance of your routing solution.

Isolating and Securing the Private Network

Routing and Remote Access enhances the security of a network design by:

■ Isolating the private network from the Internet.
■ Acting as an intermediary in the exchange of traffic between the Internet and the private network.
■ Providing data encryption if the data transferred between locations is confidential.
■ Supporting mutual authentication of routers to prevent an unauthorized router from receiving confidential data.

Integrating with Existing Network Designs

After integrating with the existing network designs, Routing and Remote Access supports:

■ Internet Protocol (IP) and Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) routing protocols, thereby allowing the Routing and Remote Access-based routers to exchange routing table information with the existing routers.
■ IP and IPX/SPX transport protocols on private networks, thereby allowing IP and IPX/SPX-based clients to access the private network through the remote access server.
■ Various interface types, such as dial-up modems, Integrated Services Digital Network (ISDN), asymmetric digital subscriber line (ADSL), T1, T3, or Synchronous Optical Network (SONET).

Slide Objective
To describe the features of Routing and Remote Access.

Lead-in
When designing a Routing and Remote Access solution, you must understand the features that are available to support connectivity between private networks.

Restricting Internet and Private Network Traffic

Routing and Remote Access allows you to restrict the traffic between private network segments, the Internet, and other private network locations. Restricting the traffic enables you to limit user access between private network segments, and limit Internet user access to private network segments.

Supporting Multiple Protocols

Routing and Remote Access supports various transport and routing protocols. The following table lists the transport protocols supported by Routing and Remote Access, and the reason to include the protocols in your network design.

Select | For connectivity to private networks that support
Transmission Control Protocol/Internet Protocol (TCP/IP) | A variety of operating systems (such as UNIX and Macintosh) and the Internet

The following table lists the routing protocols supported by Routing and Remote Access, and the reason to include the protocols in your network design.

Select

To automatically update routing table information

by using the

networks

Integration Benefits

[Slide illustration: Routing and Remote Access–based Router with Active Directory, IPSec, and Routing and Remote Access. Callouts: Authentication and IPSec Tunnels; Machine Certificates and User Account Authentication; Demand-Dial Connections, IP Filters, and VPN Tunnels]

The router integrates with other networking services to take advantage of their features. These features require you to include additional specifications in the design, such as virtual private network (VPN) tunnels that are used for authentication and data encryption.

The following table describes the benefits of integrating the router with other networking services.

The router integrates with To

Internet Protocol Security (IPSec)

Provide router authentication and encryption of data transmitted between routers when specified

specified demand-dial connections

Reduce undesired traffic by using specified IP Filters Provide router authentication and encryption of data transmitted between routers

service

Provide Kerberos version 5 protocol certificates and user accounts so that router authentication occurs when specified

Slide Objective
To describe the benefits of integrating the router with other networking services.

Lead-in
The router integrates with other networking services such as QoS, IPSec, and Active Directory.

Remind the students that in this module, routing always refers to the routing provided by Routing and Remote Access and that router always refers to a Routing and Remote Access–based router, unless otherwise specified.

■ Designing a Functional Routing Solution

■ Placing Routers Within a Network
■ Integrating the Router into the Existing Network
■ Including Static Routing
■ Including the RIP-for-IP Routing Protocol
■ Including the OSPF Routing Protocol
■ Including the IGMP Routing Protocol
■ Including the DHCP Relay Agent

There are a few essential decisions that you need to make for a routing solution to derive the specifications for the routing design. After you establish these essential decisions, you can optimize the routing solution by adding security, availability, and performance enhancements to your design.

The essential decisions for your routing design include:

■ Where to place the router within a network so that network traffic is localized without compromising security.
■ Which router interface characteristics (IP address, persistence, data rate, and security) affect the integration of the router into the existing network.
■ When to include static routing, and the static routing options that would affect the routing design.
■ When to include the RIP-for-IP routing protocol, and the RIP-for-IP routing protocol options that affect the routing design.
■ When to include the OSPF routing protocol, and the OSPF routing protocol options that affect the routing design.
■ When to include the IGMP routing protocol, and the IGMP routing protocol options that affect the routing design.
■ When to include the forwarding of Dynamic Host Configuration Protocol (DHCP) packets through the router, and the DHCP Relay Agent options that affect the routing design.

Note
For more information on routing protocols, see the Unicast Routing white paper on the Student CD.

Slide Objective
To introduce the decisions involved in designing a functional routing solution when connecting private networks.

Lead-in
You can set the foundation for your routing solution by establishing the essential requirements for connecting private networks.

Focus on high-level design decisions and do not spend time explaining the routing protocols. Students will already be familiar with the routing protocols.

Placing Routers Within a Network

■ Placing Routers Within the Private Network
■ Placing Routers at the Edge of the Private Network

[Slide illustration: Internet, Web Server, Demand-Dial connection, Screened Subnets, Central Office, Branch Offices, Routers]

You need to place routers between the network segments so that network traffic is localized and security maintained. The routing provided by Windows 2000 is appropriate for providing routing between private network segments or between the private network and public networks.

Placing Routers Within the Private Network

You need to place routers within the private network so that:

■ The network traffic is isolated to the source, destination, and intermediary network segments.
■ Screened subnets are created within the private network, thereby protecting confidential data.
■ Network packets can be exchanged between dissimilar network segments, such as between an Ethernet network segment and an asynchronous transfer mode (ATM) network segment.

Placing Routers at the Edge of the Private Network

You need to place routers at the edge of the private network so that:

■ Remote locations within an organization can exchange network packets by using a public network.
■ The private network is isolated from the public network, thereby protecting confidential data.
■ Network packets can be exchanged between the private network segments and public network segments, such as between an Ethernet private network segment and an ISDN public network segment.

Slide Objective
To introduce the decisions involved in the placement of routers within a network.

Lead-in
You need to place routers between the network segments so that network traffic is localized and security maintained.

Point out the placement of the routers on the slide. Ask the students for suggestions on where else the routers can be placed.

Integrating the Router into the Existing Network

■ Interface Address and Subnet Mask
■ Interface Data Rate and the Persistence
■ Interface Security

[Slide illustration: Internet, Web Server, Demand-Dial connection, Screened Subnets, Central Office, Branch Offices, Routers]

Depending on the size of the network, your network design can include a number of routers. Each router in the network design must have at least one interface, although most routers have more than one. For each router interface, you must describe the interface characteristics so that the router can be integrated into the existing network.

Selecting the Interface Address and Subnet Mask

When selecting the router interface address and subnet mask, remember that:

■ Each router interface requires an IP address and subnet mask.
■ The IP address assigned to the router interface must be within the range of addresses that are assigned to the network segment that is directly connected to the interface.
■ The subnet mask assigned to the router interface must match the subnet mask that is assigned to the network segment that is directly connected to the interface.

Selecting the Interface Data Rate and the Persistence

Each router interface connects to a private or public network segment. These network segments can be persistent or non-persistent. In addition, the data rates for these network segments can vary considerably. You need to specify the data rate and persistence for router interfaces so that the router can connect to private and public network segments.

Interfaces that connect to private network segments

Private network segments are based on local area network (LAN) technologies that are persistent interface connections. The data rate of the private network segment is determined by the LAN technology, such as 100 megabits per second (Mbps) data transfer rate for 100 Mbps Ethernet.

Slide Objective
To describe how to select the router interface characteristics that affect the integration of the router into the existing network.

Lead-in
You must select the router interface characteristics so that you can integrate the router into the existing network.

Interfaces that connect to public network segments

Public network segments are based on LAN and demand-dial technologies that can be persistent or nonpersistent. Public network segments that appear to the router as LAN interfaces are persistent, and the data rate is determined by the LAN technology.

Public network segments that appear as demand-dial interfaces are nonpersistent, and the data rate is determined by the underlying technology. An example of this would be a 56 Kbps dial-up modem connection that supports a maximum data rate of 56 Kbps.

There are situations in which you will include demand-dial interfaces in your routing solutions when the public network segments are based on LAN technologies. For example, you can include a demand-dial VPN connection over a DSL connection. Include a demand-dial interface in your design if:

■ An exchange of credentials is required to perform authentication, such as VPN tunnel authentication.
■ Charges, such as ISDN connection charges, are accumulated if the public network segment is active.

For example, to connect to another location across the Internet, one solution is to specify a VPN tunnel over a DSL network segment. In this example, you need to include the following interfaces in your design:

■ A LAN interface that supports the persistent DSL network segment.
■ A demand-dial interface to perform the authentication required by the VPN tunnel.

Selecting the Interface Security

Within a private network or over public network segments, you can protect confidential data by authenticating routers and encrypting the confidential data transferred between routers.

When selecting the router interface security, remember that:

■ Each router interface can support a different level of security.
■ The level of authentication and encryption assigned to the router interface must adhere to the authentication and encryption assigned to the network segment that is directly connected to the interface.
■ Some private network segments may require encryption within the private network to further protect confidential data.
■ Government regulations may restrict the data encryption standards that you may include in your design.

Note
As a best practice, you must authenticate all routers that communicate over public networks, and encrypt all data transmitted between these routers.
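The interface address, subnet mask, and interface security rules above can be checked mechanically against a design worksheet. The following Python sketch is an added example, not part of the Microsoft courseware; the segment names, addresses, class names, and finding labels are constructed for illustration, and the network/broadcast address check is an addition that the module does not state.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Segment:
    network: str                      # CIDR of the directly connected segment
    public: bool = False              # True when the segment crosses a public network
    requires_auth: bool = False       # security level assigned to the segment
    requires_encryption: bool = False


@dataclass
class Interface:
    router: str
    segment: str                      # key into the segments dict
    address: str
    mask: str                         # dotted-quad subnet mask
    authenticates: bool = False
    encrypts: bool = False


def check_interface(iface, segments):
    """Return the list of rule violations for one router interface."""
    seg = segments[iface.segment]
    net = ipaddress.ip_network(seg.network)
    addr = ipaddress.ip_address(iface.address)
    findings = []

    # Rule: the address must fall inside the directly connected segment.
    if addr not in net:
        findings.append("address-outside-segment")
    # Added check (not from the module): network/broadcast addresses are not hosts.
    elif net.num_addresses > 2 and addr in (net.network_address,
                                            net.broadcast_address):
        findings.append("address-not-assignable")

    # Rule: the interface mask must match the segment mask.
    if ipaddress.ip_address(iface.mask) != net.netmask:
        findings.append("mask-mismatch")

    # Rule: interface security must meet the segment's level. Best practice:
    # routers on public segments are authenticated and their data encrypted.
    if (seg.requires_auth or seg.public) and not iface.authenticates:
        findings.append("router-not-authenticated")
    if (seg.requires_encryption or seg.public) and not iface.encrypts:
        findings.append("data-not-encrypted")
    return findings


def audit(interfaces, segments):
    """Map 'router/segment' to its findings, omitting clean interfaces."""
    report = {}
    for iface in interfaces:
        findings = check_interface(iface, segments)
        if findings:
            report[f"{iface.router}/{iface.segment}"] = findings
    return report


# Constructed design worksheet (names and addresses are illustrative).
SEGMENTS = {
    "central-lan": Segment("10.1.0.0/24"),
    "payroll-lan": Segment("10.1.9.0/24", requires_encryption=True),
    "branch-lan": Segment("10.2.1.0/24"),
    "internet-dsl": Segment("192.0.2.0/25", public=True),
}
INTERFACES = [
    Interface("central", "central-lan", "10.1.0.1", "255.255.255.0"),
    Interface("central", "payroll-lan", "10.1.9.1", "255.255.255.0"),
    Interface("central", "internet-dsl", "192.0.2.10", "255.255.255.128",
              authenticates=True, encrypts=True),
    Interface("branch", "branch-lan", "10.2.1.1", "255.255.0.0"),
    Interface("branch", "internet-dsl", "192.0.2.130", "255.255.255.128",
              authenticates=True),
]

if __name__ == "__main__":
    for name, findings in audit(INTERFACES, SEGMENTS).items():
        print(name, findings)
```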

Including Static Routing

■ Default Route Entry
■ Auto-Static Route Entries

[Slide illustration: Demand-Dial connection, Screened Subnets, Central Office, Branch Offices, Routers]

You need to include static routing in the Routing and Remote Access design so that routers can forward packets to their respective destinations. Static route entries are manually added to the routing table. You can include static and dynamic routing in the same design so that you can control the amount of routing information transmitted between routers.

Include static routing in your design:

■ To reduce the network traffic generated by dynamic routing protocols.
■ To secure the network by preventing the transmission of routing table information.
■ If the time spent in manually updating the routing tables is acceptable.
■ If there is little or no change to the routing table information.
■ To add a default route to the demand-dial interface if your network design includes a demand-dial interface.

After you decide to include static routing, you need to specify default route entry, auto-static route entry, or both as the entries in your design.

Default Route Entry

You can specify a default route entry for remote locations that connect to the private network by using demand-dial connections. A default route entry specifies that all IP packets with destinations outside the private network be forwarded through the demand-dial connection.

The advantage of a default route entry is that a single static route entry needs to be added only once, thereby reducing the manual modification to the routing table. The disadvantage of a default route entry is that any traffic, including traffic for unreachable destinations (not on the remote network), is forwarded through the demand-dial connection.

Slide Objective
To describe the decisions involved when including static routing in a Routing and Remote Access design.

Lead-in
You need to include static routing in the Routing and Remote Access design so that routers can forward packets to destinations.

Trang 18

Auto-Static Route Entries

Auto-static route entries are a hybrid of static route entries and RIP-for-IP dynamic routing table entries Auto-static routes are static routes that are automatically added, at scheduled intervals, to the routing table by using the RIP-for-IP routing protocol across a demand-dial connection You can specify auto-static route entries for remote locations that connect to the private network

by using demand-dial connections

For a better understanding of auto-static route entries, consider a design that specifies that auto-static route entries be updated once every day at 12:00 midnight The following sequence illustrates the use of auto-static route entries:

1 The router initiates the demand-dial connection to other locations at 12:00 midnight

2 The router deletes any existing auto-static route entries that match the updates received by using RIP-for-IP

3 The router adds auto-static route entries for the updates received by using RIP-for-IP

4 The router initiates the demand-dial connection throughout the day for any

IP traffic destined for other locations The routing table information is not updated throughout the day

5 The cycle continues again at 12:00 midnight the following day

The advantage of auto-static routes is that unreachable destinations do not cause the router to initiate the demand-dial connection. The disadvantage of auto-static routes is that the auto-static route entries must be periodically updated to reflect the subnets that are at other private network locations.

For example, if a new subnet is added to another location and the local private network has not performed an auto-static update, all destinations on the new subnet are unreachable.

Note: Auto-static route entries are supported for RIP-for-IP, RIP-for-IPX, and SAP-for-IPX, but not OSPF.
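The update cycle and the default-route trade-off described above, modeled as an added example that is not part of the original courseware: a toy router that brings up the demand-dial link only when a route covers the destination. The class, the function names and every address are constructed for illustration.

```python
import ipaddress

class DemandDialRouter:
    """Toy model of a router with a single demand-dial interface."""

    def __init__(self, use_default_route=False):
        self.auto_static = set()      # networks learned at the last scheduled update
        self.use_default_route = use_default_route
        self.dial_count = 0           # dial-ups triggered by traffic, not by updates

    def scheduled_update(self, rip_advertised):
        """Steps 1-3: dial, delete entries matching the update, add the received ones."""
        received = {ipaddress.ip_network(n) for n in rip_advertised}
        self.auto_static -= received  # step 2: delete entries that match the update
        self.auto_static |= received  # step 3: add entries for the update received

    def forward(self, dst):
        """Step 4: dial only if a route covers dst. Returns True if the link is dialed."""
        addr = ipaddress.ip_address(dst)
        has_route = self.use_default_route or any(addr in n for n in self.auto_static)
        if has_route:
            self.dial_count += 1
        return has_route

def run_day(use_default_route):
    """One day of traffic; returns (which destinations caused a dial-up, dial count)."""
    remote = ["10.2.1.0/24", "10.2.2.0/24"]    # constructed subnets at the other location
    router = DemandDialRouter(use_default_route)
    router.scheduled_update(remote)            # 12:00 midnight
    remote.append("10.2.3.0/24")               # new subnet added there during the day
    results = {
        "known subnet": router.forward("10.2.1.20"),
        "new subnet": router.forward("10.2.3.20"),    # not learned until the next update
        "unreachable": router.forward("192.0.2.50"),  # not on the remote network
    }
    router.scheduled_update(remote)            # 12:00 midnight the following day
    results["new subnet after next update"] = router.forward("10.2.3.20")
    return results, router.dial_count

if __name__ == "__main__":
    for mode in (False, True):
        print("default route" if mode else "auto-static", run_day(mode))
```

With auto-static entries the link is dialed twice and the unreachable destination never brings it up; with a default route all four packets dial the link.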


Including the RIP-for-IP Routing Protocol

• RIP Version Support

• RIP Version 2 Options

[Slide diagram. Labels: Central Office, Branch Office (two), Router (three), Screened Subnet (two), Web Server, Internet, Demand-Dial, Multicast Traffic (legend); router settings shown twice: Password: xYZzY-02, Multicast: Enabled.]

You can include RIP-for-IP in the design so that routers can automatically update the routing table information. Routing and Remote Access supports RIP versions 1 and 2.

Include RIP in your routing design:

• To automatically update routing table information

• If the time spent in manually updating the routing tables is unacceptable

• If there is constant change to the routing table information

• If existing routers use RIP

• If the design includes a demand-dial interface so that you can use RIP to create auto-static route entries

• If the maximum number of routers that any IP packet must cross is less than 14

Routing and Remote Access considers all non-RIP learned routes, such as static route entries, to be at a fixed hop count of two instead of one. As a result, the normal maximum number of hops that any IP packet can cross is reduced from 15 to 14.

Slide Objective

To describe the decisions involved when including the RIP routing protocol in a routing design.

Lead-in

You can include RIP-for-IP in the design so that routers can automatically update routing table information.


Selecting the RIP Version Support

You can specify the RIP versions to include in the design based on the RIP version that the existing network supports. You can specify RIP version 2 support in your design by default, because RIP version 2 is a superset of RIP version 1. RIP version 2 is required if your design includes:

• Classless Inter-Domain Routing (CIDR)

• Variable length subnet masks

• Routing table updates by using multicast traffic

• Simple password authentication between routers

Selecting the RIP Version 2 Options

If you want to include routing table updates by using multicast traffic or simple password authentication between routers, you must specify the RIP version 2 options that need to be included in the design.

The following table lists the RIP version 2 options and why you would include each option in your design.

Select this option | If you want to
Routing table updates by using multicast | Reduce network traffic received by all computers on the network

routing table updates

Note: The RIP version 2 password authentication is used in addition to any authentication credentials exchanged during the initiation of a demand-dial connection.
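What the simple password option looks like on the wire, as an added example that is not part of the original courseware: a RIP version 2 response laid out as in RFC 2453, and a receiver that accepts routes only when the password entry matches. The function names and the advertised route are constructed; the password is the sample value shown on the slide.

```python
import hmac, ipaddress, struct

RESPONSE, V2, AFI_AUTH, AFI_INET, SIMPLE = 2, 2, 0xFFFF, 2, 2

def build_response(password, routes):
    """RIPv2 response: 4-byte header, authentication entry, then 20-byte route entries."""
    pkt = struct.pack("!BBH", RESPONSE, V2, 0)
    pkt += struct.pack("!HH16s", AFI_AUTH, SIMPLE, password.encode())  # null-padded to 16
    for net, metric in routes:
        n = ipaddress.ip_network(net)
        pkt += struct.pack("!HH4s4s4sI", AFI_INET, 0, n.network_address.packed,
                           n.netmask.packed, bytes(4), metric)
    return pkt

def parse_response(pkt, expected_password):
    """Return (accepted, routes). Updates without the right password yield no routes."""
    if len(pkt) < 24 or (len(pkt) - 4) % 20:
        return False, []
    command, version, _ = struct.unpack("!BBH", pkt[:4])
    afi, auth_type, secret = struct.unpack("!HH16s", pkt[4:24])
    if (command, version, afi, auth_type) != (RESPONSE, V2, AFI_AUTH, SIMPLE):
        return False, []                      # no authentication entry: reject
    want = expected_password.encode().ljust(16, b"\0")[:16]
    if not hmac.compare_digest(secret, want):
        return False, []
    routes = []
    for i in range(24, len(pkt), 20):
        afi, _tag, addr, mask, _hop, metric = struct.unpack("!HH4s4s4sI", pkt[i:i + 20])
        if afi != AFI_INET or not 1 <= metric <= 16:
            continue
        try:
            net = f"{ipaddress.ip_address(addr)}/{ipaddress.ip_address(mask)}"
            routes.append((str(ipaddress.ip_network(net, strict=False)), metric))
        except ValueError:                    # malformed mask: skip the entry
            continue
    return True, routes

def password_on_wire(pkt):
    """The password field as a capture of the update shows it: unencrypted bytes."""
    return pkt[8:24].rstrip(b"\0").decode()

# Constructed sample: one route advertised with the password from the slide.
SAMPLE = build_response("xYZzY-02", [("10.2.1.0/24", 1)])

if __name__ == "__main__":
    print(parse_response(SAMPLE, "xYZzY-02"), password_on_wire(SAMPLE))
```

Because the password travels unencrypted, this option keeps out updates from routers that were never given it, but it does not protect the value from anyone who can capture RIP traffic on the segment.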


Including the OSPF Routing Protocol

[Slide diagram. Labels: Autonomous System; Area A, Network 1; Area B, Network 2 and 3; Area C, Network 4; Internet.]

• OSPF Autonomous System Design

• OSPF Area Design

• OSPF Network Design

You include the OSPF routing protocol in a network design so that routers can automatically update routing information for unicast packets. Unlike RIP-for-IP routers, OSPF routers maintain a map of the network in the link state database. Updates to the network are reflected in the link state database and are synchronized between routers.

Include OSPF in your routing design if:

• There is constant change to the routing information

• Existing routers use OSPF

• The design includes redundant paths between two subnets

• The number of subnets in the design is over 50

You can simplify the creation of an OSPF design by subdividing the design into the following hierarchical levels:

• OSPF Autonomous System. All of the OSPF routers in an organization define OSPF Autonomous Systems (AS). By default, only OSPF routes that correspond to directly connected network segments are considered part of the AS.

• OSPF Area. A collection of OSPF routers that connect to contiguous network segments. All areas are connected through a common area, called a backbone area, by using area border routers (ABR).

• OSPF Network. The individual network segments that are connected with one or more OSPF routers.

Slide Objective

To describe the decisions involved when including an OSPF routing protocol in a routing design.

Lead-in

You can include the OSPF routing protocol in the network design so that routers can automatically update routing information.

Stress the fact that setting up OSPF requires a lot of work for smaller networks.

Tell the students that OSPF can be used for very large scale network designs.


Specifying the OSPF Autonomous System Design

When designing the OSPF Autonomous Systems level, you can:

• Subdivide the OSPF autonomous system into areas that can be summarized

• Subdivide your IP address space into an internetwork/area/subnet/host hierarchy, if possible

• Make the backbone area a single, high-bandwidth network segment

• Create stub areas whenever possible

A stub area is an area that does not maintain routes to external autonomous systems. Instead, stub areas use a default route, network ID 0.0.0.0, with the subnet mask of 0.0.0.0, to communicate with external networks.

All stub areas have a single entry and exit point to the backbone. External routes cannot be sent into the stub area because the stub’s routing information is not forwarded to the external AS.

• Avoid virtual links whenever possible

Virtual links are established if two routers belong to the same area, but are not physically connected to the same backbone. A disconnected area can be logically connected to the area backbone by establishing a virtual link between the disconnected area and the area backbone.

Specifying the OSPF Area Design

When designing the OSPF area level, you can:

• Ensure that all areas are assigned TCP/IP network IDs that result in a small number of routes within the area

• Make the area ID the single route that is being advertised, if the area can be summarized with a single route

• Ensure that multiple ABRs for the same area are summarizing the same routes

• Ensure that all inter-area traffic crosses the backbone area

• Keep the number of network segments in an area under 100
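One way to check the first two guidelines against an address plan, as an added example that is not part of the original courseware: compute the smallest single route that covers each area's subnets and propose it as the area ID only when it does not also cover another area's subnets. The function names and all addresses are constructed; the area names follow the slide.

```python
import ipaddress

def covering_summary(subnets):
    """Smallest single network that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()          # widen by one bit and try again
    return summary

def plan_areas(areas):
    """Map each area to (summary route, area ID or None).

    The area ID is None when the single summary would also cover a subnet
    assigned to a different area, so that area cannot be advertised as one route.
    """
    plan = {}
    for name, subnets in areas.items():
        summary = covering_summary(subnets)
        foreign = [ipaddress.ip_network(s)
                   for other, subs in areas.items() if other != name
                   for s in subs]
        clash = any(summary.overlaps(f) for f in foreign)
        area_id = None if clash else str(summary.network_address)
        plan[name] = (str(summary), area_id)
    return plan

# Constructed address plan for illustration.
SAMPLE_AREAS = {
    "Area A": ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"],
    "Area B": ["10.1.8.0/24", "10.1.12.0/24"],   # scattered: summary spans Area C
    "Area C": ["10.1.10.0/24"],
}

if __name__ == "__main__":
    for area, (summary, area_id) in plan_areas(SAMPLE_AREAS).items():
        print(area, summary, area_id or "cannot be summarized with a single route")
```

Area A collapses to 10.1.0.0/22 and can use 10.1.0.0 as its area ID, while Area B's only single summary, 10.1.8.0/21, would swallow Area C's subnet and therefore needs renumbering or more than one advertised route.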

Specifying the OSPF Network Design

When designing the OSPF network level, you can:

• Assign router priorities so that the least busy routers are the designated router and backup designated router

• Designate link costs to reflect bit rate, delay, or reliability characteristics of the network segment

• Assign a password to all of the routers in the same area


Including the IGMP Routing Protocol

• IGMP Router Mode Interface

• IGMP Proxy Mode Interface

[Slide diagram. Labels: Private Network (two), IGMP Router Mode Interface, IGMP Proxy Mode Interface, IGMP Registrations, Multicast Traffic, Internet, Multicast Mbone Server, Routing and Remote Access-based Router.]

Many organizations are including applications and protocols that are based on multicast transmissions. Microsoft NetMeeting® or Windows Media™ viewer are examples of applications that can take advantage of multicast transmissions. RIP-for-IP version 2 is an example of a protocol that can take advantage of multicast transmissions to update routing information.

The IGMP protocol allows multicast clients to register with servers so that the clients can receive multicast traffic from the server. You can add the IGMP protocol to a routing design so that the router can pass IGMP Membership Report packets from a single-router private network to a multicast-capable portion of the Internet. The multicast-capable portion of the Internet is known as the Internet multicast backbone (Mbone).

Multicast clients on the private network use IGMP to register with IP multicast-capable routers so that the computers can receive IP multicast traffic. All Windows 2000–based computers are IP multicast-capable.

Include IGMP in your router design:

• To enable multicast forwarding to IGMP clients directly connected to the same subnet as the router

• If existing routers are true multicast-capable routers

• To receive multicast traffic from multicast sources on the Internet and send multicast registrations to the sources on the Internet

Slide Objective

To describe the decisions involved when including an IGMP routing protocol in a routing design.

Lead-in

You can include the IGMP routing protocol in the design so that routers can automatically update the multicast routing table information.


Routing and Remote Access IGMP support is separated into the following modes:

• IGMP Router Mode. In this mode, the router appears to be a multicast-capable router to the IGMP client computers on the routed subnet.

• IGMP Proxy Mode. In this mode, the router appears to be an IGMP client computer to a true multicast-capable router.

For more information on IGMP and multicast routing, see the Windows 2000 Help files.

Specifying the IGMP Router Mode Interface

In Routing and Remote Access, the IGMP router mode interface listens for IGMP Membership Report packets from multicast clients, and tracks group membership. Specify IGMP router mode on the interfaces connected to the same subnet as the IGMP clients.

IP multicast-capable routers must be able to:

• Listen for all multicast traffic on all attached networks

• Listen for IGMP Membership Report packets and update the TCP/IP multicast forwarding table

• Use a multicast routing protocol to propagate multicast group listening information to other multicast-capable routers

The IGMP routing protocol provided with Routing and Remote Access does not propagate multicast group listening information to other multicast-capable routers, and it is not a full multicast-protocol router.

Specifying the IGMP Proxy Mode Interface

In Routing and Remote Access, the IGMP Proxy mode interface forwards IGMP Membership Report packets to upstream multicast-capable routers. Specify IGMP Proxy mode on the interfaces connected to subnets that are serviced by upstream multicast-capable routers or multicast servers.

When the router receives an IGMP Membership Report packet, the following steps occur:

1. The IGMP Proxy mode interface forwards the packet to upstream multicast-capable routers or to multicast servers.

2. The upstream multicast-capable routers add the registrations to their multicast routing tables.

3. The upstream multicast-capable routers use a multicast routing protocol to propagate multicast group membership to other multicast-capable routers.


Including the DHCP Relay Agent

• DHCP Servers and Clients Are on Isolated Subnets

• Existing Routers Support DHCP or BOOTP Forwarding

[Slide diagram. Labels: Central Office, Branch Office (two), Router (three), Screened Subnet (two), DHCP Server, DHCP Clients, Internet, Demand-Dial.]

When the private network is divided into multiple routed network segments that are configured by using DHCP, the routers isolate the DHCP servers from DHCP clients. You must include the DHCP Relay Agent in the design so that routers can forward DHCP traffic from DHCP clients to DHCP servers.

Include the DHCP Relay Agent in your router design if:

• The network includes DHCP clients and servers that are placed on isolated network segments

• The existing routers support DHCP or Bootstrap Protocol (BOOTP) forwarding

As a best practice, include the DHCP Relay Agent on routers that connect to only private network segments.

You can include DHCP packet forwarding in the design so that routers can forward DHCP traffic to DHCP servers on other subnets.


Date posted: 18/10/2013, 18:15
